In this tutorial, we will talk about Free Let’s Encrypt SSL certificate alternatives.
We are going to show you how to install a Free Let’s Encrypt SSL certificate and its alternatives such as BuyPass and ZeroSSL certificates. The SSL certificate is a digital certificate, that enables the encrypted collection to identify the identity of the website and improves its security.
The SSL certificate is required also to verify ownership of the website, prevent attackers from creating fake versions of the website, and keep user data secure. Let’s get started!
Table of Contents
Prerequisites
- Fresh install of Linux OS such as Ubuntu, Debian or CentOS
- User privileges: root or non-root user with sudo privileges
In this tutorial, we are going to use Ubuntu 20.04 as OS.
Update the System
Since this is a fresh install of Ubuntu 20.04 we need to update the system to its latest version.
sudo apt-get update -y && sudo apt-get upgrade -y
You need to allow some time for the system to get the latest information.
Install Free Let’s Encrypt SSL certificate
Before we install the certificate we need to install certbot software on our system
sudo apt install certbot python3-certbot-apache -y
The next step is to obtain the certificate
sudo certbot --apache
In the next few steps, you will be asked some questions while you install the Free Let’s Encrypt SSL certificate
root@vps:~# sudo certbot --apache Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): admin@your_domain.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: N Which names would you like to activate HTTPS for? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: your_domain.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 1 Obtaining a new certificate Performing the following challenges: http-01 challenge for your_domain.com Waiting for verification... Cleaning up challenges Created an SSL vhost at /etc/apache2/sites-available/your_domain-le-ssl.conf Deploying Certificate to VirtualHost /etc/apache2/sites-available/your_domain-le-ssl.conf Enabling available site: /etc/apache2/sites-available/your_domain-le-ssl.conf Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2 Redirecting vhost in /etc/apache2/sites-enabled/your_domain.com.conf to ssl vhost in /etc/apache2/sites-available/your_domain-le-ssl.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://your_domain.com
Let’s say the limit for Let’s Encrypt is reached after multiple attempts and we are not able to install a certificate. Then we should wait for some time after we try again. This is the main purpose of this blog post, to use an alternative way to install a free SSL certificate and that way is to use free BuyPass or ZeroSSL.
Install Socat and Acme
Before we start installing the Free Let’s Encrypt SSL alternatives, we need to install some prerequisites on our server for fake web server and client support features:
sudo apt install socat -y && sudo curl https://get.acme.sh | sh && source ~/.bashrc
Install Free BuyPass SSL certificate
Create BuyPass.com account:
acme.sh --server https://api.buypass.com/acme/directory --register-account --accountemail admin@your_domain.com
You should receive the following output:
# root@vps:~# acme.sh --server https://api.buypass.com/acme/directory --register-account --accountemail admin@your_domain.com [Thu 11 Nov 2021 11:42:54 AM UTC] Create account key ok. [Thu 11 Nov 2021 11:42:55 AM UTC] Registering account: https://api.buypass.com/acme/directory [Thu 11 Nov 2021 11:42:58 AM UTC] Registered [Thu 11 Nov 2021 11:42:59 AM UTC] ACCOUNT_THUMBPRINT='vOwTA7qCPKft4BWy0gkmEAD0Dpfbl5OuGRC5zUjBGgM
Next step is to generate the BuyPass free SSL using acme.sh
acme.sh --issue --standalone -d your_domain.com --server https://api.buypass.com/acme/directory
You should receive the following output:
root@vps:~# acme.sh --issue --standalone -d your_domain.com --server https://api.buypass.com/acme/directory [Thu 11 Nov 2021 11:45:50 AM UTC] Using CA: https://api.buypass.com/acme/directory [Thu 11 Nov 2021 11:45:50 AM UTC] Standalone mode. [Thu 11 Nov 2021 11:45:50 AM UTC] Creating domain key [Thu 11 Nov 2021 11:45:51 AM UTC] The domain key is here: /root/.acme.sh/your_domain.com/your_domain.com.key [Thu 11 Nov 2021 11:45:51 AM UTC] Single domain='your_domain.com' [Thu 11 Nov 2021 11:45:51 AM UTC] Getting domain auth token for each domain [Thu 11 Nov 2021 11:45:58 AM UTC] Getting webroot for domain='your_domain.com' [Thu 11 Nov 2021 11:45:59 AM UTC] Verifying: your_domain.com [Thu 11 Nov 2021 11:45:59 AM UTC] Standalone mode server [Thu 11 Nov 2021 11:46:04 AM UTC] Success [Thu 11 Nov 2021 11:46:04 AM UTC] Verify finished, start to sign. [Thu 11 Nov 2021 11:46:05 AM UTC] Lets finalize the order. [Thu 11 Nov 2021 11:46:05 AM UTC] Le_OrderFinalize='https://api.buypass.com/acme/order/YRsxSMk6P5zbryxUWTA6FFy4UfT0YScFAuG75YtJjpQ/finalize' [Thu 11 Nov 2021 11:46:11 AM UTC] Downloading cert. [Thu 11 Nov 2021 11:46:11 AM UTC] Le_LinkCert='https://api.buypass.com/acme-v02/cert/ffNgivH34nQ' [Thu 11 Nov 2021 11:46:13 AM UTC] Cert success. -----BEGIN CERTIFICATE----- MIIGUTCCBDmgAwIBAgILAX+PZflhM/+VCm8wDQYJKoZIhvcNAQELBQAwSzELMAkG A1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MR0wGwYDVQQD DBRCdXlwYXNzIENsYXNzIDIgQ0EgNTAeFw0yMTExMTExMTQ2MDZaFw0yMjA1MDky MTU5MDBaMBYxFDASBgNVBAMMC3Npcmthcm92LnRrMIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEA1H2bcqmY8Rbna4q7OTXPolM5TTHgDLw+6MWTYxCMhqQf PvnHzIjRqIacfF3ZyrTKW3+viYs+lonW7kSvTTdpa5kTh5PqUHX+gjTP2mHZnuAg vqdFGq1yIuqi1cWzual4d9gm+eE7ls3YpDjt/vjUnEyFbRI7a6irBTLYAJzjLgwV dRVEGodrHCTQm9rByQlNOfhnSCJCaJXAW+Ij0LfurrHye+7MZUv/rCWwRg/S7Q13 36f07NRvDlDsCpduTo5Qq+ax+oIxkvYtlqkekK7VXji2S0I5xWmjKzD8xkgPAQgY RI3VEbQzbQOQpD66XNXOwddN/7HkjUE0gWcnLs+7qQIDAQABo4ICaTCCAmUwCQYD VR0TBAIwADAfBgNVHSMEGDAWgBQnUqRvLSqrQJOQ7NZpy/58YTt8QjAdBgNVHQ4E FgQUvT/JeGhVXLeN4HshbKPeN4iRKs0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSAEGDAWMAoGCGCEQgEaAQIHMAgG BmeBDAECATA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3JsLmJ1eXBhc3Mubm8v Y3JsL0JQQ2xhc3MyQ0E1LmNybDAWBgNVHREEDzANggtzaXJrYXJvdi50azBqBggr BgEFBQcBAQReMFwwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmJ1eXBhc3MuY29t MDUGCCsGAQUFBzAChilodHRwOi8vY3J0LmJ1eXBhc3Mubm8vY3J0L0JQQ2xhc3My Q0E1LmNlcjCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3ACl5vvCeOTkh8FZzn2Ol d+W+V32cYAr4+U1dJlwlXceEAAABfQ7RwLUAAAQDAEgwRgIhAOMVl2pyMDQoCNB8 oyh4oWiDftkxR7GPdzRW6RXq/N65AiEA7yaxgskn/H6I7fBnVGS/hxrv76CnP/4F 17WBFcxXFdYAdwBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAX0O 0cSXAAAEAwBIMEYCIQDQv4AdodSMnVYz0ISEAouj4ekYBrKhgaYSb4FwT79wYwIh AMgcsNh0Xi4RLc++UZplKa2ssYk0Kkh5xURgkZnn2aWSMA0GCSqGSIb3DQEBCwUA A4ICAQABCrfjNmDtu1VflmFSGQEWxeECEHp42jR1wvsxUKrghkGK9uHgp7xlvfPj /Hz1BZ87hPF6NjRx1I4H0XAy3SAvbikYXUrvuD0gi/+QXaDXSOsDRnrlkEBNLAtI sKJnBNyMrbFdneDVtJDQ1xUwmRexkAKAUeVkm4LxAoq97TxsIE/RlS/afsTsDNwo 53wl7nY6s9nG1ftLG/3GVvbe7Uh0/BO69R1i2v+xpg4V3WEswp04A0VIwKMjV859 la6AbXnoj9laG05N9sw+cQfiyzFUGkPLfef7InTmoJ/PUU2kLSGgZ16z2gyTYiZS dM+zD7Sy8FkgSOecWpZFQwByv/HZuVfOXf6nJhIbirljRAt3cs37nMGt+Py9oq2E /C7GbHAtk/hOOYqFQYNurrAna65WeF+ID2Sx71B32aSB3yl95HgzOHydD/Wl90xf OED66/dgEeMD59VcdJ9DeexGNZZlSVBIwlLNEFW6nqSh09og3jAKhB4p9sCS9vFP RYoeAxo+Vgy6Jy1fj3NSEC/LW4Lz5JW6fHMIRHJ3cCt5YloYgpfRW1n30p6clOth jTjv1l0CzDtQhLe7aaVA0ux+BNvHAdEwrK06LKv59UBJ6JW5pw4AtfOC2YdSITJC /FYz4ToP5GfN1UgYGDnkGguFw/MmUBPNpvZUGbNR0lO+MPgTdw== -----END CERTIFICATE----- [Thu 11 Nov 2021 11:46:13 AM UTC] Your cert is in: /root/.acme.sh/your_domain.com/your_domain.com.cer [Thu 11 Nov 2021 11:46:13 AM UTC] Your cert key is in: /root/.acme.sh/your_domain.com/your_domain.com.key [Thu 11 Nov 2021 11:46:13 AM UTC] The intermediate CA cert is in: /root/.acme.sh/your_domain.com/ca.cer [Thu 11 Nov 2021 11:46:13 AM UTC] And the full chain certs is there: /root/.acme.sh/your_domain.com/fullchain.cer
Where your_domain.com will be your real domain and real paths to the certificate
Install Free ZeroSSL certificate
Now, when we have the prerequisites installed we can proceed with the ZeroSSL commands for installing the certificate
The first is to create a ZeroSSL account:
acme.sh --register-account -m admin@your_domain.com --server zerossl
You should receive the following output:
# root@vps:~# acme.sh --register-account -m admin@your_domain.com --server zerossl [Thu 11 Nov 2021 12:00:53 PM UTC] Create account key ok. [Thu 11 Nov 2021 12:00:53 PM UTC] No EAB credentials found for ZeroSSL, let's get one [Thu 11 Nov 2021 12:00:55 PM UTC] Registering account: https://acme.zerossl.com/v2/DV90 [Thu 11 Nov 2021 12:00:57 PM UTC] Registered [Thu 11 Nov 2021 12:00:57 PM UTC] ACCOUNT_THUMBPRINT='HAPgD8ldayEpdEnHlNZJB3-S8pH7FIce9vUJU5oYpHI'
Next is to generate ZeroSSL with acme.sh
acme.sh --issue --standalone -d your_domain.com --server zerossl
You should receive the same output as from BuyPass SSL, the same path to the certificate, and a different key of course since it is another SSL:
................. la6AbXnoj9laG05N9sw+cQfiyzFUGkPLfef7InTmoJ/PUU2kLSGgZ16z2gyTYiZS dM+zD7Sy8FkgSOecWpZFQwByv/HZuVfOXf6nJhIbirljRAt3cs37nMGt+Py9oq2E /OED66/dgEeMD59VcdJ9DeexGNZZlSVBIwlLNEFW6nqSh09og3jAKhB4p9sCS9vFP RYoeAxo+Vgy6Jy1fj3NSEC/LW4Lz5JW6fHMIRHJ3cCt5YloYgpfRW1n30p6clOth jTjv1l0CzDtQhLe7aaVA0ux+BNvHAdEwrK06LKv59UBJ6JW5pw4AtfOC2YdSITJC /C7GbHAtk/hOOYqFQYNurrAna65WeF+ID2Sx71B32aSB3yl95HgzOHydD/Wl90xf OED66/dgEeMD59VcdJ9DeexGNZZlSVBIwlLNEFW6nqSh09og3jAKhB4p9sCS9vFP== -----END CERTIFICATE----- [Thu 11 Nov 2021 11:46:13 AM UTC] Your cert is in: /root/.acme.sh/your_domain.com/your_domain.com.cer [Thu 11 Nov 2021 11:46:13 AM UTC] Your cert key is in: /root/.acme.sh/your_domain.com/your_domain.com.key [Thu 11 Nov 2021 11:46:13 AM UTC] The intermediate CA cert is in: /root/.acme.sh/your_domain.com/ca.cer [Thu 11 Nov 2021 11:46:13 AM UTC] And the full chain certs is there: /root/.acme.sh/your_domain.com/fullchain.cer
Enable SSL on Web Server
Add these 2 lines into your webserver configuration file:
If you are using Apache as a Web Server
SSLCertificateFile /root/.acme.sh/your_domain.com/fullchain.cer SSLCertificateKeyFile /root/.acme.sh/your_domain.com/your_domain.com.key
If you are using Nginx as a Web Server
ssl_certificate /root/.acme.sh/your_domain.com/fullchain.cer; ssl_certificate_key /root/.acme.sh/your_domain.com/your_domain.com.key;
Congratulations! You successfully managed to install Free Let’s Encrypt alternatives and now you can choose between three different free SSL providers.
We can easily set up your SSL certificates, set up your website, and maintain everything for free and for life if you are one of our managed Linux hosting users. Our admins can fully support you and all of your server’s needs at no extra cost, while still giving you full control over everything on your server.
If you liked this post on how to install Free Let’s Encrypt certificate alternatives, please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.